Meeting Summary

After the welcome and introductions, Dave Ferguson from FishNet Security presented a variety of ways that attackers can subvert web applications, all real-life examples he has encountered in his consulting work. The vulnerabilities discussed were cross-site scripting, cross-site request forgery, and parameter tampering.

Following a break, Rohini Sulatycki from VML discussed her experience with AJAX and explained that the technology is not inherently secure or insecure, but is simply one approach that can be taken when developing a web application. The specific implementation of the approach is what determines the level of security of the application.